Cyber espionage: Russian and Chinese, maybe Saudi and Iranian, too? Social media breach woes. Investor sentiment.
Cyber tensions rise around the Arabian Gulf. Palo Alto Networks reports on an espionage campaign, “OilRig,” deploying the Helminth backdoor against targets in Saudi Arabia’s banking and defense sectors. Helminth’s command-and-control infrastructure contains clues suggesting Iranian origin. Iran says its Statistics Centre sustained an unspecified cyber attack traceable to Saudi IP addresses.
The Russia-linked PawnStorm/Sofacy cyber espionage group is said to be newly active against targets in Finland, especially those targets showing an interest in Russian operations in Ukraine and Syria.
Symantec says it’s found evidence pointing to North Korean involvement in the Bangladesh Bank theft and similar attempts on banks in other Asian countries. Investigators in Bangladesh render their report to the Finance Ministry. They take care not to absolve SWIFT, but they now say an insider may have been involved. Banks around the world continue to work with SWIFT and various national standards bodies to shore up the security of funds transfers.
Old social media data breaches continue to trouble users. About 360 million MySpace credentials have turned up for sale on the dark web, as have 65 million Tumblr user emails and passwords. In both cases the data were lost in breaches that occurred a few years ago.
Check Point reports vulnerabilities in widely used LG Android devices.
IBM warns of “bug poaching.” Criminals hack into a network, and then offer to explain the vulnerability they exploited in exchange for payment. Asks are running at around $30,000.
Industry observers see high, but newly selective, VC interest in cyber.
Notes.
Today's issue includes events affecting Albania, Australia, Bangladesh, Canada, China, European Union, Finland, France, Iran, India, Kazakhstan, Kenya, Democratic People's Republic of Korea, Kyrgyzstan, Malaysia, Myanmar, Nepal, Nigeria, Pakistan, Philippines, Russia, Saudi Arabia, South Africa, United States, and Uzbekistan.
Catch the CyberWire's Podcast later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we learn about one-time pads, the only mathematically unbreakable encryption, from Quintessence Labs' Vikram Sharma. And our guest today is Ryan Trost of Threat Quotient, who'll be discussing the utility of attack attribution. (And please note: we welcome iTunes reviews.)
Cyber Attacks, Threats, and Vulnerabilities
Russian cyber-espionage group hits Sanoma (Yle) Yle has obtained new evidence of cyber-attacks on Finnish targets by a cyber-espionage group linked to Russian state intelligence. The group, known as Sofacy or Pawn Storm, has attempted to hack into data communications of Finland's largest group, Sanoma, as well as of a Finnish member of Bellingcat, an international group investigating the Ukraine conflict
OilRig Cyber-Espionage Campaign Targets Saudi Arabia's Banks and Defense Sector (Softpedia) Threat group deploys new backdoor named Helminth
Iran's Police: Recent cyber-attack against government website traced back to Saudi Arabia (AhlulBayt News Agency) Iran’s Cyber Police Chief General Kamal Hadianfar said a recent cyber-attack against a government website in the country has been traced back to IP addresses in three Arab countries, including Saudi Arabia
Kaspersky Lab: How new cyber espionage group Danti is targeting govt (Financial Express) Cybersecurity is an area of great concern in business as well as government circles. Internet security experts have identified a major cyberespionage activity in India
North Korea Linked to Cyberattacks on World Banks (Voice of America) Cybersecurity firm Symantec has found evidence that North Korea is behind the recent string of attacks on several Asian banks
Insiders at Bangladesh's Central Bank May Have Helped Cyber Steal $81 Million (VICE News and Reuters) Officials of Bangladesh Bank may have been involved in the brazen theft of $81 million from its own account with the New York Federal Reserve Bank in February, the head of a government-appointed panel investigating the cyber heist told reporters on Monday
Banks pressed to step up defences against cyber attack (Financial Times) Banks received a double dose of pressure to tighten up their defences against cyber attack on Friday as they were admonished on the subject by one of Europe’s top regulators and the Swift global payment messaging system
Cyber attack on Philippine bank a wake-up call — IT experts (Interaksyon) Financial institutions and other sectors in the country need to beef up their cybersecurity infrastructure in light of the reported cyber-attack of a local bank
MySpace Data Breach Exposes Passwords for 427 Million Users (Softpedia) LeakedSource, a company that maintains a searchable database of credentials leaked in data breaches, has revealed today it added over 427 million user records to its immense database, after earlier this week it also added 167 million LinkedIn account
MySpace.com was hacked (LeakedSource) LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data
MySpace breach potentially the largest ever (ITNews) Hackers offer 360 million user credentials for 6 Bitcoin
Reddit resets passwords after LinkedIn data dump (SCMagazine) Reddit announced it would require users to reset their passwords following the release of a dataset containing 100 million LinkedIn emails and password combinations from a 2012 breach
65 million Tumblr users’ email addresses, passwords sold on dark web (Help Net Security) Email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by “peace_of_mind,” aka “Peace”, the individual that recently offered for sale LinkedIn users’ data dating back to a 2012 breach
65 million Tumblr users should probably be careful… (WeLiveSecurity) Earlier this month, Tumblr revealed that it had recently become aware that user addresses and salted and hashed passwords dating back to 2013 had fallen into the hands of hackers
Sandjacking: New iOS Threat Lets Attackers Out of the Box (IBM Security Intelligence) Apple devices are gaining popularity with a dubious group: cybercriminals. As noted by ITProPortal, iOS threat XcodeGhost has now cracked the top three “most common” families of active malware
Check Point finds dangerous vulnerabilities in LG mobile devices (Help Net Security) Check Point found two vulnerabilities which can be used to elevate privileges on LG mobile devices to attack them remotely. These vulnerabilities are unique to LG devices, which account for over 20% of the Android OEM market in the US
Bug Poaching: A New Extortion Tactic Targeting Enterprises (IBM Security Intelligence) Imagine a scenario in which burglars break into your home but steal nothing and don’t harm anything inside. Instead, these burglars take pictures of all your precious belongings and personal assets. Later that day, you receive a letter with copies of all these pictures and an alarming message: “If you’d like to know how we broke into your house, please pay us large sums of money”
Locky ransomware continues to bypass security (IT Pro) XORed JavaScript used to evade detection
Fiverr Suffers Six-Hour DDoS Attack After Removing DDoS-for-Hire Listings (Softpedia) Crooks give Fiverr a piece of their mind
Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? (Register) DRAM, dude! Rowhammer brings down secure browser
Users Fail To Update Adobe Flash Player, Being Vulnerable To Attacks (Neurogadget) Researchers have discovered that some users have failed to install the latest patch released by Adobe for a zero-day vulnerability and hackers took advantage of the situation and continued infecting vulnerable devices with ransomware or Trojans that steal online banking logins and passwords
Companies Are Slow to Patch Latest OpenSSL Flaw (Softpedia) 37.42 percent of the Alexa 10,000 sites remain vulnerable
France Weather Forecast Website Hacked By Anti-War Hacker (HackRead) An Albanian hacker going with the handle of Amar^SHG hacked and defaced the official website of Météo-France (Weather Forecast France) last Monday 23rd May
Facebook’s Twin in North Korea Identified and Hacked within a Single day (Hack Read) Andrew McKean, an 18-year old from Scotland, revealed that he successfully logged into the North Korean version of Facebook (Starcon.net.kp) using “admin” and “password” as login details. This gave the Scottish teenager complete control on this website along with the power to delete and suspend users, modify the name of the website, censor content and also control the forthcoming ads. Not just this, it also gave him the authority to “see everyone’s emails”
Anonymous Did Not Release Donald Trump’s Tax Returns (HackRead) There’s little doubt that Anonymous is a huge movement which doesn’t have any official leadership and that is precisely the reason it often gets hijacked by malicious actors
Anonymous Leaks Employee Details from National Oil Corporation of Kenya (Softpedia) Only a few hundred affected, no sensitive data included
Pakistan’s “No. 1” property website Zameen.com hacked by “Bangladeshi” cyber attacker (Daily Pakistan) The website of popular Pakistani real-estate portal, Zameen.com was reportedly hacked today (Saturday), according to claims by different social media users
Katy Perry’s Twitter account, the platform’s most followed, got hacked (TechCrunch) Many of Katy Perry’s 89 million Twitter followers—the most on the platform—were probably intrigued and confused when the pop star tweeted supposed archnemesis Taylor Swift this morning. As it turns out, that tweet—along with several others that were filled with profanity and slurs—was the work of a hacker and quickly deleted
Brazil a major cyber security risk ahead of Rio Olympics (ITProPortal) There have been plenty of concerns in the news over Brazil’s readiness to host this year’s summer Olympics, ranging from the Zika virus and political unrest to poor ticket sales
Kaspersky: Charging your smartphone with USB and laptop could get you hacked (Thai Visa) You may have thought that plugging your mobile phone into your computer to charge it up was pretty safe – in actual fact you would be wrong
Don't panic, says Blue Coat, we're not using CA cert to snoop on you (Register) Symantec and partner say HTTPS certificate-issuing powers used only for testing
Respect my Certificate Authority! (IT News) You should decide who to trust. When infosec equipment vendor Blue Coat was issued an intermediate Certificate Authority (CA) signed by Symantec, not only did it create an uproar in the security industry, but it also (again) raised the question of why we're still using CAs
Scott Walker’s campaign is selling donors’ email addresses (Naked Security) Are you one of the people who ponied up money to support the US presidential campaign of Wisconsin Gov. Scott Walker?
Security Patches, Mitigations, and Software Updates
Tor switches to DuckDuckGo search results by default (TechCrunch) Tor users are currently being served DuckDuckGo search results by default
Verizon’s HTC 10 Update Brings Camera Improvements and Bug Fixes (Nashville Chatter) Verizon has begun rolling out software updates for the new HTC 10 – updates that are meant to bring improvements to the camera software as well as tag along additional fixes
Cyber Trends
Global profiles of the typical fraudster (Help Net Security) Technology is an important tool to help companies fight fraud, but many are not succeeding in using data analytics as a primary tool for fraud detection
Internet Of Things Needs Data-Centric Security (iTech Post) The Internet of Things (IoT) and big data form an ecosystem with expanded security risks. Experts believe that IoT needs more data-centric security
Health care providers shore up against cyber attackers (MiBiz) Cyber thieves are increasingly seeking to steal patient data from health care providers
Cyber threats in Africa: 'it's just the beginning' says expert. (IT Web) A member of Deloitte's soon-to-be-launched Cyber Intelligence Centre says the worst is yet to come
Marketplace
Doctor, doctor, can insurance help my startup in the case of a data breach or cyber-attack? (TechCityNews) You’re right to be concerned. As a digital business, you’re a prime candidate for a data breach or cyber-attack, with the latest Government Security Breaches Survey showing that a third of small organisations were affected in 2015
Growing advanced threats will augment the IT security market through 2020 (Help Net Security) Research analysts are forecasting positive growth for many segments of the global IT security market over the next four years as several markets including BYOD security, mobile payment security software, and contactless smart card market in banking sector, will witness an increase in revenues
What $98M in New Security Investments Means to the Market (eWeek) vArmour, Agari, Dashlane, Votiro and others raised new funding this week. What does this suggest about the state of enterprise security?
Cyber security demand sends billings soaring at Sophos (Investors Chronicle) As organisations increasingly embrace mobile devices and conduct business online, hackers and data thieves are jumping for joy. Recent cyber attacks on companies such as LinkedIn (US:LNKD) and TalkTalk (TALK) have fuelled demand at Sophos (SOPH), which provides end-user and network security software to more than 220,000 organisations worldwide. The upshot was adjusted cash profits of $121m (£82.4m) in the year to March, up almost a third at constant currencies
Palo Alto Networks Grows by Displacing Incumbent Network Security (Enterprise Networking Planet) Third quarter revenues grow to $345.8M, though the company still isn't profitable
Splunk Inc (SPLK): Analysts Remain Positive After Robust Earnings (Bidness Etc.) Splunk Inc. (NASDAQ:SPLK) shares dipped almost 4% during the pre-market hours today, and opened down more than 1% as trading commenced
Telstra flags more cyber-sec investments after vArmour (CISO) Telstra’s venture capital arm has flagged fresh rounds of investment in cyber security in Asia after revealing details of a new cloud computing security investment
Vencore captures first task under $460M cyber command contract (Washington Technology) Vencore Inc. has captured one of the first task orders under a new $460 million multiple award contract for the U.S. Cyber Command
Twitter pays $322,420 to bug hunters under ‘HackerOne’ program (Indian Express) 'HackerOne' program has been an invaluable resource for finding and fixing security vulnerabilities
Plurilock Names Former Director of NSA to its Board (Plurilock) Vice Adm. Mike McConnell Retd. joins Canadian cyber security firm
Products, Services, and Solutions
Facebook now tracking and showing ads to people who don’t use Facebook (Naked Security) Accusations that Facebook tracks non-users as they browse around the web have dogged it for years. Well, now we can stop calling them accusations thanks to an announcement on 26 May 2016 from the Social Network itself
Cylance to offer customized AI-designed cybersecurity solutions in APAC (Voice & Data) Cylance, Singapore-based cybersecurity solutions company that uses artificial intelligence to proactively prevent advanced persistent threats and malware, has decided to expand its Asia Pacific operations with a tailored approach that could be ideal for satisfying customer needs in specific APAC countries
RapidFire Tools Launches New Tool That Enables MSPs to Deliver Internal IT Security Services (EIN News) RapidFire Tools Inc. today launched Detector™, a new software appliance that enables managed services providers (MSPs) to more easily identify internal threats to client networks, which according to industry reports, account for more than half of all breaches
Main One partners Radware on robust DDOS mitigation (Nation) Main One, the premier connectivity and data centre Solutions Company in West Africa and Radware, a leading provider of cyber security and application delivery solutions, have launched an outsourced Managed Security Service
Parrot Security OS 3.0 "Lithium" Is a Linux Distro for Cryptography & Anonymity (Softpedia) A Debian-based, cloud-friendly penetration testing OS
Technologies, Techniques, and Standards
Payment Application Data Security Standard 3.2 released (Help Net Security) The PCI Security Standards Council (PCI SSC) published a new version of its data security standard for payment software, the Payment Application Data Security Standard (PA-DSS) version 3.2
Ultimate Guide To DDoS Protection: Strategies And Best Practices (Dark Reading) To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks
How visibility can help detect and counter DDoS attacks (Help Net Security) It’s been proven that preventive medical strategies are more cost-effective for treatment and better solutions to support long-term health than reactive medical measures. Anticipating issues and preparing for and supporting healthy systems is simply more logical than troubleshooting and fixing things when they go wrong
Exclusive: New strategies to combat cyber attacks, from LogRhythm (Security Brief) Some SMEs are paying lip service to cyber security, opening themselves up to being just another statistic in the malicious cyber crime game. That's according to Bill Smith, LogRhythm sales and customer relationship manager and Bill Taylor, LogRhythm Asia-Pacific and Japan CEO
Cyber security awareness training critical for businesses, data breaches changing online behaviours (Canadian Underwriter) Employees need to become advocates of cyber security to reduce associated risks and help better protect the businesses for which they work, suggests Joe Ferrara, president and CEO of Pittsburgh-based Wombat Security Technologies
Forcepoint's George Kamis talks about cyber alert overload (FedScoop) Federal agencies are dealing with a multitude of cybersecurity monitoring systems, but too many notifications can cause "alert fatigue," he said
Prioritising threat intelligence (SC Magazine) Steven Rogers advises steps that will allow security teams to prioritise threats based on relevant threat intelligence
Tor takes on the question, “What if one of us is using loaded dice?” (Naked Security) Here at Naked Security, we’re fond of randomness. By that, we mean the sort of real randomness that you get from radioactive decay, or background cosmic microwave radiation
Design and Innovation
What you need to know about electronic signatures (INTHEBLACK) With their sound legal standing and almost universal acceptance, electronic and digital signatures are rapidly changing the world of commerce
Research and Development
Data61's mission to wipe out the password (IT News) Researchers want to authenticate you by the way you swipe
Academia
Teacher at forefront of cyber security education (Winnipeg Free Press) A Sisler High School teacher’s commitment to cyber security and technology education has earned him national recognition
The Romanian Teen Hacker Who Hunts Bugs to Resist the Dark Side (Wired) It's 3 A.M., and his eyes are almost closed. The pack of gummy bears on his desk is empty. So’s the Chinese takeout box. Romanian white hat hacker Alex Coltuneac has had three hours of sleep tonight. And last night. And the night before that. He’s busy trying to find a vulnerability in YouTube live chat, which he plans to report to the company and hopefully get some money in return. None of the bugs he has discovered in the past few days electrifies him, so he keeps digging
Legislation, Policy, and Regulation
Iran orders social media sites to store data inside country (Reuters) Iran has given foreign messaging apps a year to move data they hold about Iranian users onto servers inside the country, prompting privacy and security concerns on social media
Iran forces messaging apps to move data to Iranian servers (TechCrunch) Companies behind popular messaging apps have a year to move all the data they have on Iranian users onto servers in Iran, according to Reuters. This raises concerns about privacy
China’s State-Sponsored Cyber Attacks Must Stop (Globalist) Washington’s politicians must take cybersecurity as seriously as experts and U.S. business do
The Grand Cyber Spy Game: Russia, America, and China Stealing the World One Byte at a Time (Modern Diplomacy) Every month another story of cybertheft linked to China or Russia emerges. Recent data breaches at Target, United Airlines, Blue Cross Blue Shield, and OPM have been linked back to Russia, while theft of key technology across major Department of Defense contractors such as Lockheed Martin and US government laboratories have been linked to China
Cybersecurity: the case for a European approach (Open Democracy) The EU objective of developing a cyber ‘soft’ power privileging defence, resilience and civil society, sharply contrasts with national cybersecurity policies developed both inside and outside Europe
Malaysia Prepared For Cyber Threats, Says Jailani Johari (Malaysia Digest) Malaysia is constantly prepared for cyber threats, says Deputy Communications and Multimedia Minister Datuk Jailani Johari
Weapons-grade research (Honi Soit) Victoria Zerbst on how the Defence Trade Controls Act could impact academia
CFAA Amendment Would Make the Life of a Security Researcher Even Tougher (Softpedia) US senators try to pass the same sneaky amendments that didn't pass in CISA, now hidden inside the Email Privacy Act
Why a power grid attack is a nightmare scenario (The Hill) Stores are closed. Cell service is failing. Broadband Internet is gone. Hospitals are operating on generators, but rapidly running out of fuel
Prospect of catastrophic cyber attack triggers interest in insurance backstop (Business Insurance) Opinions differ on whether the time has come to establish a federal backstop that would respond to losses caused by catastrophic cyber attacks similar to the U.S. facility that backstops terrorism losses
Enhancing National Cybersecurity Requires Surrendering the Crypto War (Lawfare) On Monday, Paul Rosenzweig suggested a number of areas in which the recently formed Commission on Enhancing National Cybersecurity should focus in charting the US government’s path forward. While I agree the government must rethink strategic policy choices, Rosenzweig is putting the cart before the horse. Before we can construct an effective long-term policy agenda, the government must first repair a number of critical relationships
No time to relax: A digital security commission for the next generation (The Hill) The current controversy over encrypted communications and devices is the symptom of a larger security challenge, not a cause
Preparing for Increased Cybersecurity Information Sharing (JDSupra) Cybersecurity remains a top focus of government regulators, and the prevailing trend is to encourage information sharing between the government and private entities to combat cybersecurity threats
FIDO Alliance: Government policy should evolve with technology (Secure ID News) Authentication is important for governments seeking solutions for improved security, privacy, interoperability, and better customer experience
Can GSA’s 18F succeed where 3 other ID management projects have struggled? (Federal News Radio) When the General Services Administration’s 18F organization announced it was taking on the long-standing challenge of identity authentication and credentialing for government services, my first thought was “here we go again”
Congressman: Why is the White House Exempt from Federal Cyber Rules? (Nextgov) When federal Chief Information Officer Tony Scott testified Wednesday before the House Oversight and Government Reform Committee to make the case for a $3.1 billion IT modernization fund, he faced a series of questions about the government’s archaic systems – some of which are more than 50 years old
Litigation, Investigation, and Law Enforcement
Why Microsoft Is Suing the Feds Over Issues of Privacy and Security (Wall Street Journal) President Brad Smith explains the company’s stance on searches and seizure of data in secret
Microsoft, Mexican drug lords and the Fight for New York (Alphr) In a corner of Microsoft’s Redmond campus there sits a plain, unremarkable building. Slip inside, and a black wall sports a map of the world pin-pricked with lights so bright that you can’t stare at them for long. The lights spell out Microsoft Cybercrime Center. And it’s the last place you’d expect to find a trophy taken from a Mexican drug cartel
Holder: Edward Snowden performed 'public service' (USA Today) Fugitive former National Security Agency contractor Edward Snowden damaged U.S. interests but also performed a public service when he leaked national security documents in 2013, former U.S. attorney general Eric Holder said Monday
US State Dept. Report Alleges Hillary Clinton Deceived Staff, Officials And Americans – OpEd (Eurasia News) The Office of the Inspector General (OIG) at the U.S. State Department, following what it claims was an extensive probe, has released to federal lawmakers and other interested parties a “highly critical analysis” of former Secretary of State Hillary Clinton’s communications security practices while she headed the department. The report, which was released on Wednesday, alleges that she failed to seek legal approval for her use of a private email server and her hiring of a private Internet company to maintain the server
“Google stole Java”: Oracle loses again, case closed – for now (Naked Security) Four years ago, give or take a few days, we wrote an article entitled Google wins, Oracle loses: Java API case closed
Conspirator Pleads Guilty to Bank Fraud Scheme Involving Over 200 Victims (United States Attorney's Office, District of Maryland) Shivani Patel, age 30, of Reisterstown, Maryland, pleaded guilty today to bank fraud conspiracy and aggravated identity theft arising from a scheme to use stolen credit information of more than 200 victims to defraud financial institutions
Hacker imprisoned for stealing Bitcoin, selling botnet on Darkode (Help Net Security) A Louisiana man was sentenced to 12 months and one day in prison for using a computer to steal money, hacking computers to obtain passwords, and attempting to sell information on the online hacking forum known as Darkode
Boosting Old-Fashioned Detective Work Digitally (SIGNAL) Drones and big data technology augment surveillance efforts
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Innovations in Cybersecurity Education Workshop 2016 (Halethorpe, Maryland, USA, Jun 3, 2016) Innovations in Cybersecurity Education is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game. The workshop is free and open to the public — all are welcome to attend. This workshop will be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided.
TECHEXPO Cyber Security Hiring Event (Tysons Corner, Virginia, USA, Jun 30, 2016) Cyber security professionals are invited to interview face-to-face with employers including The CIA, Deloitte, Intel Security, Northrop Grumman, Lockheed Martin, Deloitte, Vencore and many more. Hundreds of career opportunities are available in cyber security that need to be filled immediately. Bring copies of your resume with you and interview in person, representing yourself better than any online application ever could.
Borderless Cyber Europe (Brussels, Belgium, Sep 8 - 9, 2016) Join CIOs, CISOs and cyber threat intelligence experts from industry, government and CSIRTs worldwide to share experiences, strategies, tactics and practices that will improve your state of preparedness and more effectively protect your business against cyber threats. You will learn how to build communities of practice between C-level professionals and IT security practitioners, access the latest cyber threat information sharing and get actionable experiences from real-world use cases.
Upcoming Events
C³ Voluntary Program Regional Workshop: Understanding and Managing Cyber Risk in the Water and Energy Sectors (Indianapolis, Indiana, USA, Jun 1, 2016) The Department of Homeland Security's Critical Infrastructure Cyber Community (C3) Voluntary Program and the Indiana Utility Regulatory Commission (IURC) will host a free cybersecurity risk management workshop for Water and Energy Sectors. Topics to be covered include an overview of the Cybersecurity Framework and C3 Voluntary Program, cyber threat information sharing for water and energy organizations, and tools and resources for small and midsize businesses, in particular small and midsize water and natural gas utility companies.
SecureWorld Atlanta (Atlanta, Georgia, USA, Jun 1 - 2, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 12-16 CPE credits through 60+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
ISS World Europe (Prague, Czech Republic, Jun 7 - 9, 2016) ISS World Europe is the world's largest gathering of regional law enforcement, intelligence and homeland security analysts as well as telecom operators responsible for lawful interception, hi-tech electronic investigations and cyber intelligence gathering. ISS World programs present the methodologies and tools for law enforcement, public safety and government intelligence communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities conducted over today's telecommunications network and the internet.
Data Breach & Fraud Prevention Summit Asia (Mumbai, India, Jun 8, 2016) ISMG’s Data Breach & Fraud Prevention Summit Asia – Mumbai is a one-day event that will focus on the latest fraud techniques and technologies, as well as a holistic, strategic approach to looking at the data breach threat that impacts all industries. Whether you are forming opinions on how to view the recent global Apple Vs. FBI debate, want to learn more about the breach incidents, or just look forward to networking with your peers on cybersecurity challenges, we are confident you will gain tremendous insight throughout the event. CyberWire readers can use the discount promo code "CW20" when registering with dbfpmumbai@ismgcorp.com to receive 20% off the conference price.
New York State Cyber Security Conference (Albany, New York, USA, Jun 8 - 9, 2016) June 8-9 marks the 19th Annual New York State Cyber Security Conference and 11th Annual Symposium on Information Assurance (ASIA) and we invite you to join us for this nationally recognized event. The event takes place in Albany, New York and is cohosted by the New York State Office of Information Technology Services, the University at Albany's School of Business, and The New York State Forum, Inc. This conference offers something for everyone -- whether you're an end user, IT professional, government employee, or business owner.
SecureWorld Portland (Portland, Oregon, USA, Jun 9, 2016) Join your fellow security professionals for affordable, high-quality cybersecurity training and education. Earn 6-12 CPE credits through 30+ educational elements learning from nationally recognized industry leaders. Attend featured keynotes, panel discussions & breakout sessions all while networking with local peers
SIFMA Cyber Law Seminar (New York, New York, USA, Jun 9, 2016) During this full-day program attorneys and compliance professionals will gain insights and regulatory perspectives on cybersecurity law as well as strategies for how to take an active and valuable role in their firm’s cyber defense plan. Steve Bunnell, Department of Homeland Security, and Richard Jacobs, Federal Bureau of Investigation NY Branch, will provide keynote remarks.
Cleared Job Fair (Tysons Corner, Virginia, USA, Jun 9, 2016) ClearedJobs.net connects you with cleared facilities employers, including Federal Acquisition Strategies, Firebird Analytical Solutions & Technologies, Leidos, PAE, TRIAEM, Commonwealth Computer Research, Inc., Syntera and more. Receive free professional resume reviews during the job fair, as well as the latest information on security clearance reinvestigations. Positions employers are seeking to fill include jobs in cyber security, intel, information security, help desk personnel, network operations engineers, systems engineers, software development and engineering, program and project management, system administration, database administration, financial management, and many other trades. For professionals with an active or current security clearance only.
SANSFIRE 2016 (Washington, DC, USA, Jun 11 - 18, 2016) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2016 is our annual "ISC Powered" event. Evening talks tap into the expertise behind our daily postings, podcasts, and data collection efforts focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are cyber security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.
4th International Conference on Cybercrime and Computer Forensics (ICCCF) (Vancouver, British Columbia, Canada, Jun 12 - 14, 2016) For the past four years, APATAS has organized the International Cybercrime and Computer Forensics conference at various locations throughout Asia. In 2016, our 4th annual ICCCF is moving for the first time to Simon Fraser University’s Harbour Centre campus and Centre for Dialogue at downtown Vancouver, Canada. North America has been a pioneer in cybercrime research, policy and practice since the mid-1980s. As expected, we have witnessed increasing technological developments in both personal computing and in smart-phone and wireless devices that have had an impact on how technology-enabled crimes have been committed in the Asia Pacific region and beyond. One of the key approaches to understanding such crime is through research and incorporating the outcome of research into policy and practice. The 4th Annual ICCCF 2016 Vancouver, BC, Canada therefore focuses its discussion on ‘Cybercrime: Linking Research, Policy, and Practice.’
Show Me Con (St. Charles, Missouri, USA, Jun 13 - 14, 2016) SHOWMECON. The name says it all. Known as the Show Me State, Missouri is home to St. Louis-based ethical hacking firm, Parameter Security, and security training company, Hacker University. Together, they are bringing you a one-of-a-kind event that will Show You the State of security from a unique perspective — the hacker's viewpoint.
CISO DC (Washington, DC, USA, Jun 14, 2016) Tactics and best practices for taking on enterprise IT security threats. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
The Security Culture Conference 2016 (Oslo, Norway, Jun 14 - 15, 2016) The Security Culture Conference 2016 is the leading, global conference discussing how to build, measure and maintain security culture in organizations. The conference is a part of the Security Culture Framework Community, and draws professionals from around the world to meet, share and learn about security culture.
2016 CyberWeek (Tel Aviv, Israel, Jun 19 - 23, 2016) The conference, held jointly by the Blavatnik Interdisciplinary Cyber Research Center (ICRC), the Yuval Ne'eman Workshop for Science, Technology and Security, the Israeli National Cyber Bureau, Prime Minister's Office and Tel Aviv University, in collaboration with the Ministry of Foreign Affairs, will bring together high level international cyber experts, policy-makers, academia and researchers, security officials and foreign diplomats, attracting many participants from around the world for an exchange of knowledge, methods and ideas in the evolving field of cyber.
Cyber Security for Critical Assets LATAM (Rio de Janeiro, Brazil, Jun 21 - 22, 2016) Cyber-attacks on critical infrastructure have become an increasing threat for Latin American governments and companies within the oil and gas, chemical and energy sectors. Although the attack frequency is increasing, companies are still reluctant to develop strategies to fight them. As cyber-attacks grow in sophistication, frequency and intensity, these companies are increasingly becoming high profile targets. The Cyber Security for Critical Assets LATAM Summit aims to bring together the key players involved in Cyber Security and defending critical infrastructure against the ever growing threat of attacks. The conference will connect process control and corporate IT senior level professionals, allowing them to discuss challenges, share experiences and investigate best practice guidelines. This in turn will lead to the building of robust policies and standards that will protect the future of LATAM’s critical assets.
National Insider Threat Special Interest Group - South FL Chapter Kickoff Meeting (Palm Beach, Florida, USA, Jun 21, 2016) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a South Florida Chapter. Presentations and discussions will be provided by Insider Threat Defense, Inc. and the FBI. The meeting will focus on: how to recognize potential insider threat problems, employee behavioral indicators of concern, and strategies for insider threat risk mitigation.
Cyber 7.0 (Laurel, Maryland, USA, Jun 22, 2016) Cyber 7.0 delves into the cyber threat to the nation’s critical infrastructure—transportation, health care, utilities, and energy, to name a few. How can government and industry work together to battle the threats to personal and public safety? For the seventh year, regional cyber experts, small entrepreneurs, large businesses, and government organizations come together to discuss, connect, and strategize. Be a part of the solution. Sponsor, exhibit, attend.
Security of Things World (Berlin, Germany, Jun 27 - 28, 2016) Security. Privacy. Connected Devices. Exploring Security and the Internet of Things. A world class event focused on the next information security revolution. Be part of Security of Things World in June in Berlin to tailor your proposition to respond to the security concerns that preoccupy enterprise customers today and find pragmatic solutions to the most common security threats.
SANS Salt Lake City 2016 (Salt Lake City, Utah, USA, Jun 27 - Jul 2, 2016) We are pleased to invite you to SANS Salt Lake City 2016, June 27-July 2. Are you ready to immerse yourself in the most intense cyber training experience available anywhere? Do you need to become a more effective leader when implementing security improvements for your organization? Do you need a more in-depth knowledge of the theory and implementation of computer security, hacker tools and incident handling, advanced digital forensics, defending web apps, or ICS/SCADA? This new event has been planned to meet your needs. Start making your plans now to attend SANS Salt Lake City 2016!
DC / Metro Cyber Security Summit (Washington, DC, USA, Jun 30, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.